Horizon Alert
Summary of the vulnerability and why it matters
This vulnerability impacts WebPros Plesk's XML-RPC API, allowing unauthorized access to other customers' sensitive information, including FTP credentials, and potentially enabling code execution. The main concern is confirming relevance and exposure.
- Low-privilege users can access other account data.
- Affects common web hosting management software.
- Confirm if our hosted environments are impacted.
Attack Path
How an attacker could exploit the issue
An attacker with low-level customer access can exploit a flaw in the XML-RPC API to view domain information they shouldn't have access to. This bypasses security checks, allowing the attacker to potentially steal other users' FTP credentials. These exposed credentials could then be used to execute code on the system as another customer.
- Requires authenticated customer access.
- Triggers via specific XML-RPC API lookups.
- Results in cross-tenant data exposure.
Live Threat
Current exploitation, exposure, and threat context
A low-privileged authenticated customer could exploit an authorization flaw in the XML-RPC API to view domains they don't own. This may lead to the disclosure of other tenants' cleartext FTP credentials when legacy protocol versions are used, potentially allowing for code execution as another tenant's system user.
- Risk of tenant FTP credential exposure.
- Unauthorized domain lookup and data access.
- Potential for cross-tenant system user compromise.
Operational Fix
Recommended remediation, mitigation, and detection steps
WebPros Plesk platform owners and infrastructure teams are likely responsible for addressing this vulnerability. The immediate first step is to identify all Plesk instances, confirm their exposure and business criticality, and then assign ownership for remediation.
- Assign platform or infrastructure ownership.
- Verify Plesk instance exposure and criticality.
- Plan coordinated remediation or mitigation.